Clients,
Below is a snippet from a security show talking about compromising a network. It's a bit deep in technical jargon but the important part is two fold: 1) don't open stuff you don't know about, and 2) run MS critical updates and virus protection often.
http://www.grc.com/sn/SN-091.pdf - (zero day exploits simply mean they are hacking you from the day the bug is published/released.)
But when it comes to these client application vulnerabilities, the easiest way to really do some damage and get some data out of a company is to send the Microsoft Word zero-day to the HR department at a large company, and the lady in HR opens it, Word disappears, she’s none the wiser, now I have that computer compromised. Now that I’m on the inside of your network, I take a remote attack like the DNS zero-day to target your active directory server. And now I’ve compromised that, and I can do anything I want to your company. And this all happens within a few hours.
Saturday, May 12, 2007
Thursday, May 10, 2007
KISS OF (UPDATE) DEATH ...
Clients,
A number of you have been bit in the last several days with a bug in the Microsoft Automatic Updates. This service starts with the computer and talks with Microsoft to determine what patches need to be installed on your computer. Recently, this service has been crashing rendering your computer incapable of anything other than a hard reboot to recover its attention. You see a message containing information about svchost and 0x7… in a dialog and are asked to send a report to Microsoft.
If you are experiencing this behavior or just instability, the solution is simple.
1) Restart your computer.
2) Immediately open the Automatic Updates Control panel and turn it off.
3) Manually run the updates from the Start -> All Programs -> Microsoft Update menu item. This might require a ½ hour to complete before rebooting.
4) Open the Automatic Updates Control panel and turn it on.
Steps 4 is optional but the problem is fixed after running the manual update in step 3.
A number of you have been bit in the last several days with a bug in the Microsoft Automatic Updates. This service starts with the computer and talks with Microsoft to determine what patches need to be installed on your computer. Recently, this service has been crashing rendering your computer incapable of anything other than a hard reboot to recover its attention. You see a message containing information about svchost and 0x7… in a dialog and are asked to send a report to Microsoft.
If you are experiencing this behavior or just instability, the solution is simple.
1) Restart your computer.
2) Immediately open the Automatic Updates Control panel and turn it off.
3) Manually run the updates from the Start -> All Programs -> Microsoft Update menu item. This might require a ½ hour to complete before rebooting.
4) Open the Automatic Updates Control panel and turn it on.
Steps 4 is optional but the problem is fixed after running the manual update in step 3.
Subscribe to:
Posts (Atom)
